The Financial Conduct Authority (FCA) has published its near-final rules and guidance on the Senior Managers & Certification Regime (SMCR).
The SMCR will replace the current Approved Persons Regime on 9 December 2019.
- The FCA published its Policy Statement (PS 18/14) and Guide on the extension of the SMCR for FCA solo-regulated firms on 4 July 2018.
- The PRA and FCA both issued Policy Statements (PS 18/15 and PS 15/18) on the extension of the SMCR to insurers on 4 July 2018.
- The near-final rules and guidance contained in these Policy Statements do not differ significantly from those published in the draft consultation papers (CP 17/25 and CP 17/40 for FCA solo-regulated firms and CP 14/17 and CP 28/17 for PRA regulated insurers).
- The SMCR aims to encourage staff to take personal responsibility for their actions; improve conduct at all levels; and make sure firms and staff clearly understand and can show who does what.
We focus here on the extension of the SMCR for FCA solo-regulated firms.
Firms need to assess the impact of the SMCR on their business now.
Key considerations for all firms
- Which tier does your firm fall into: limited scope, core or enhanced?
- What Senior Management Functions will apply to your firm?
- Does your firm have individuals who will perform relevant Senior Management Functions?
- Does your firm need to change any existing approvals, or add new ones before the SMCR begins?
- Do you know which of your current approved persons will no longer be approved (i.e. which approvals will lapse under the SMCR)?
- Does each of the senior managers within your firm have a Statement of Responsibility?
- Do you know which Prescribed Responsibilities (if any) will apply to your firm and how these will be allocated to the senior managers within your firm?
Certification Regime and Fitness and Propriety Checks
- Do you know which of the certification functions apply to your firm?
- Do you know which employees will need to be certified on an annual basis?
- How might the annual fitness and propriety checks fit into your firm's existing HR processes?
Regulatory References and Criminal Records Checks
- Do you know how the new criminal record checks and regulatory reference requirements fit into your firm's existing recruitment processes?
- Does your firm have in place the appropriate processes to obtain Criminal Records Checks for new Senior Managers? Is your firm registered with the DBS?
- Can you identify your firm's ancillary staff (i.e. those to whom the Conduct Rules do not apply)?
- Do you understand the Conduct Rules training and notification/reporting requirements for Senior Managers and all other staff?
Key points for firms to consider
1. Are you in scope?
The SMCR will apply to:
- All firms in the UK that are authorised under the Financial Services and Markets Act 2000 (FSMA) and regulated by the FCA; and
- EEA and third country branches with permission to carry out regulated activities in the UK.
The SMCR will not apply to:
- Firms that are not authorised under FSMA (e.g. payment services firms); and
- Appointed representatives.
These firms will continue to be subject to the Approved Persons Regime.
2. If in scope, how will the SMCR apply to you?
The FCA is extending the SMCR in a way that is proportionate to the size of the firm.
As a first step, firms will need to determine which tier they fall within. There are 3 tiers of classification:
- Limited scope: firms in this tier will be exempt from some baseline requirements under the SMCR. Limited scope firms are those that already have exemptions under the Approved Persons Regime (e.g. limited permission consumer credit firms, sole traders, service companies, oil and energy market participants, certain insurance intermediaries and authorised internally managed alternative investment funds).
- Core: firms in this tier will have to comply with the baseline requirements under the SMCR.
- Enhanced: firms in this tier will have to comply with the extra requirements under the SMCR. Enhanced firms are those whose size, complexity and potential impact on consumers or markets warrant more attention (e.g. large investment firms, custodians, asset managers, intermediaries, consumer credit business, mortgage lenders or administrators).
3. What about group structures?
Firms must apply the SMCR at a legal entity level (rather than group level). This means there will be groups which contain firms in different tiers of the SMCR. However groups may choose to apply the highest tier of the regime to all entities in their group, but there is no expectation or requirement for firms to do this.
4. What if you are a senior manager and based overseas?
There is no territorial limitation on the SMCR. It will apply to anyone who performs a senior management function (SMF), whether they are based in the UK or overseas.
5. What are the new Senior Management Functions?
||Group Entity Senior Manager
||Chair of the Risk Committee
||Chair of the Audit Committee
||Chair of the Remuneration Committee
||Chair of the Nominations Committee
||Senior Independent Director
||Money Laundering Reporting Officer
||Other Overall Responsibility
||Limited Scope Function (currently the CF8 Apportionment and Oversight Function).
Systems & Controls Functions
||Chief Finance Function
||Chief Risk Function
||Head of Internal Audit
||Chief Operations Function
||EEA Branch Senior Manager
Third Country Branches
||Head of Third Country Branch
Note for Non-Executive Directors (NEDs): Only those NEDs who hold a Chair role (including Chairs of Committees) will be approved by the FCA. Other NEDs currently approved by the FCA as CF2s will not need to be approved by the FCA - their existing approval will lapse under the SMCR. However NEDs will still be subject to the FCA's Conduct Rules, fitness and propriety requirements and regulatory reference rules.
6. What is the 12 week rule?
The SMCR allows someone to cover for a senior manager, without being approved by the FCA, where the absence is temporary or reasonably unforeseen and the appointment is for less than 12 consecutive weeks.
7. Statement of Responsibilities
The Statement of Responsibilities is a single document that every senior manager will need to have, clearly setting out their role and responsibilities. This is required under FSMA and applies to all firms.
8. Responsibilities Map
This applies to enhanced firms only. Enhanced firms must prepare and maintain a Responsibilities Map. This is a single document that sets out the firm's management and governance arrangements.
9. Certification Regime
This applies to employees whose role means that it is possible for them to cause significant harm to the firm or its customers and/or market integrity. These roles are called 'certification functions'.
These employees will not need to be approved by the FCA. Instead, firms will need to check and confirm, at least once a year, that these employees are fit and proper to perform their role and issue them with a certificate.
The certification regime only applies to employees of firms - i.e. anyone who personally provides, or is under an obligation to provide, services to the firm under an arrangement made between the firm and the person providing the services or another person, and is subject to (or to the right of) supervision, direction or control by the firm as to the manner in which those services are provided. This means it may include secondees and contractors, but does not apply to NEDs.
The following are certification functions under the SMCR:
- Significant management function (currently CF29)
- Proprietary traders
- CASS operational oversight function (currently CF10a)
- Functions subject to qualification requirements (e.g. mortgage advisers and retail investment advisers)
- Client dealing function (anyone dealing in or arranging investments with clients, including retail and professional clients and eligible counterparties) (e.g. financial advisers, people involved in corporate finance business, people involved in dealing or arranging deals in investments and investment managers)
- Anyone who supervises or manages a certified function (directly or indirectly) but is not a senior manager
- Material risk takers
- People with responsibility for algorithmic trading
Firms have 12 months from the commencement date of the SMCR to complete the fitness and propriety checks and the certification process.
The certification regime generally applies to employees based in the UK (or if overseas, employees that are dealing with UK clients) - unless the employee is a material risk taker, in which case they are subject to the certification regime regardless of their location.
10. Fitness and Propriety
This applies to all firms.
Firms must take responsibility for their staff being fit and proper to do their jobs. This applies to anyone performing a SMF or a certification function. It also applies to NEDs who are not senior managers (except in limited scope firms).
Assessing a person's fitness and propriety includes consideration of the following:
- Honesty, integrity and reputation
- Competence and capability, including whether the person satisfies any relevant FCA training and competence requirements
- Financial soundness
Firms must collect evidence when assessing candidates for senior manager positions, certification functions or NED roles (even if they are not senior managers).
Firms must also undertake criminal record checks. This is mandatory for applicants for senior manager roles and NEDs who are not senior managers. It is optional for individuals performing certification functions.
Firms must request a reference for senior manager and certification function candidates from their past employers (going back 6 years unless it is for serious misconduct, in which case there is no time limit). This also applies to NEDs who aren't senior managers.
Past employers must disclose:
- Details of any disciplinary action taken due to breach of conduct rules;
- Any findings that the person was not fit and proper; and
- Any other information relevant to assessing whether a candidate is fit and proper (e.g. number of upheld complaints).
11. The Conduct Rules
These apply to all firms and the majority of employees within the firm.
The Conduct Rules are a new set of enforceable rules that set basic standards of good personal conduct against which the FCA can hold people to account. The Conduct Rules are intended to help firms shape their culture, standards and policies, and promote positive behaviours, from the top down and the bottom up, to reduce harm.
The Conduct Rules apply to a firm's regulated and unregulated financial services activities (including any related ancillary activities).
Individual conduct rules
These apply to most employees and directors in a firm and cover:
- The duty to act with integrity;
- The duty to act with due care, skill and diligence;
- The duty to be open and cooperative with the FCA, the PRA and other regulators;
- The duty to pay due regard to the interests of customers and treat them fairly; and
- The duty to observe proper standards of market conduct.
Senior manager conduct rules
- The duty to take reasonable steps to ensure that the business of the firm for which the senior manager is responsible is controlled effectively;
- The duty to take reasonable steps to ensure that the business of the firm for which the senior manager is responsible complies with the relevant requirements and standards of the regulatory system;
- The duty to take reasonable steps to ensure that any delegation of the senior manager's responsibilities is to an appropriate person and that the senior manager oversees the discharge of the delegated responsibility effectively; and
- The duty to disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
Do the Conduct Rules apply to all employees in a firm?
The Conduct Rules apply to the majority of employees working in firms.
The FCA consider the following roles as ancillary and therefore out of scope of the Conduct Rules: receptionists, switchboard operators, post-room and print-room staff, facilities management, events management, security guards, invoice processing, medical staff, records management, drivers, corporate social responsibility staff, data controllers and processors, cleaners, catering staff, personal assistants and secretaries, IT helpdesk staff and human resources administrators.
Firms must train relevant staff on how the Conduct Rules apply to their role and a senior manager must be allocated the prescribed responsibility for this.
Senior managers and certification staff will need to be trained, and abide by, the Conduct Rules from the start of the SMCR.
Firms have 12 months to put in place processes to comply with the training and reporting requirements and train their other staff on the Conduct Rules.
Firms must notify the FCA when disciplinary action has been taken against a person for breaches of the Conduct Rules. Disciplinary action means:
- Issuing a formal written warning;
- Suspension or dismissal of a person; or
- Reduction or recovery of remuneration (clawback).
For senior managers the notification must be made within 7 business days of concluding disciplinary action, and for other individuals notification must be made as part of the firm's annual reporting.
12. Duty of Responsibility
This applies to all firms.
Every senior manager must have a duty of responsibility under FSMA. It means if a firm breaches one of the FCA's requirements, the senior manager responsible for that area could be held accountable if they didn't take reasonable steps to prevent or stop the breach.
The burden of proof lies with the FCA to show the senior manager did not take the steps a person in their position could reasonably be expected to take to avoid the firm's breach occurring.
13. Prescribed Responsibilities
These apply to core, enhanced and third country branches. None of the Prescribed Responsibilities apply to Limited Scope and EEA Branches.
Prescribed Responsibilities are specific responsibilities that a firm must give to executives who are the most senior persons responsible for that activity or area. This is to ensure the senior managers are accountable for key conduct and prudential risks.
Firms can only divide or share a Prescribed Responsibility in limited circumstances, where they can show that this is appropriate and justifiable.
There are 12 Prescribed Responsibilities:
- Performance by the firm of its obligations under the SMR, including implementation and oversight.
- Performance by the firm of its obligations under the Certification Regime.
- Performance by the firm of its obligations in respect of notifications and training of the Conduct Rules.
- Responsibility for the firm's policies and procedures for countering the risk that the firm might be used to further financial crime.
- Responsibility for the firm's compliance with CASS (if applicable).
- Compliance with the rules relating to the firm's Responsibilities Map.
- Safeguarding and overseeing the independence and performance of the internal audit function.
- Safeguarding and overseeing the independence and performance of the compliance function.
- Safeguarding and overseeing the independence and performance of the risk function.
- If the firm outsources its internal audit function, taking reasonable steps to ensure that every person involved in the performance of the service is independent from the persons who perform external audit, including supervision and management of the work of outsourced internal auditors and management of potential conflicts of interest between the provision of external audit and internal audit services.
- Developing and maintaining the firm's business model.
- Managing the firm's internal stress-tests and ensuring the accuracy and timeliness of information provided to the FCA for the purposes of stress-testing.
- For AIFMs: Responsibility for the firm's value for money assessments, independent director representation and acting in investors' best interests.
Limited scope firms and EEA branches will not need to apply the Prescribed Responsibilities, but they will apply to all other firms.
14. What about Brexit?
The FCA developed the policy in the underlying rules in the context of the existing UK and EU regulatory framework. It will keep the policy under review to assess whether any amendments will be required due to changes in the UK regulatory framework. This includes changes that result from the UK's vote to leave the EU.
15. Next steps & transitional provisions
Senior managers and certification staff must be identified and trained, and abide by the Conduct Rules, from 9 December 2019, but firms will have 12 months from that date to train other staff on the Conduct Rules.
Firms have to identify their certification staff by 9 December 2019, but have 12 months from that date to complete the initial certification processes.
Each senior manager is required to have a Statement of Responsibilities. Firms are not required to submit these to the FCA for individuals that are currently approved persons and converting over to the SMCR, but must be able to provide a senior manager's Statement of Responsibilities to the FCA on request.
16. Links for further information
Extending the SMCR to FCA firms (near-final rules) - FCA's PS 18/14: https://www.fca.org.uk/publication/policy/ps18-14.pdf
Extending the SMCR to Insurers (near-final rules) - FCA's PS 18/15 https://www.fca.org.uk/publication/policy/ps18-15.pdf and PRA's PS 15/18: https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/policy-statement/2018/ps1518.pdf?la=en&hash=9D28A1451F4AAF123C12E9ABF8E2213E17E70023
SMCR Guide for FCA solo-regulated firms: https://www.fca.org.uk/publication/policy/guide-for-fca-solo-regulated-firms.pdf